Webmaster General Forum

The day started fine until I logged into my cpanel and found that some settings had been changed. I figured it was nothing to worry about. Some privileges on one of my MySQL users had been upgraded to full from create/update/insert. This is the second time it has happened and I figured it was nothing. However, this coupled with an anomaly a couple days ago - the addition by *somebody* of an extra access host - was enough to make me fill out a support ticket just to verify that it was nothing to worry about.

The tech support at my hosting company said it was very suspicious and they recommended I immediately change my cpanel password. So I also changed my webhost manager password, being as it and the cpanel pw were one and the same. For whatever reason something got screwed up and when I changed the WHM password it didn't work right and I was unable to log in. So I emailed them and they sent me a new one.

Fine, right? Everything is as it should be.

Well, now I have all but lost the desire to work on my websites or any new ideas. How did I get hacked? As far as I know I did nothing to allow my account to be compromised. I have long usernames and passwords consisting of upper & lower case letters and numbers.

My main site provides a service that, if it were to go down for a day, could really piss off my users. And what if all their data gets deleted by a malicious hacker? I had intentions to develop a lot of content and build up a lot larger user base than I have, but now I'm very apathetic about it all because I'm certain one day it will all just be gone.

I run an updated version of Norton AV, but for all I know I have a key logger hiding somewhere. I don't understand security as well as I should, and it seems no matter how much I learn there's always a loophole for some hacker to get in. And if they have access to my email, which they would with a key logger, then they also know my new cpanel password which was emailed to me.

So my first thought was to switch over to linux so I won't have to worry about key loggers or other spyware. I've tried several times to do this but with no luck getting past slackware or debian's installation process. They ask too many questions for which I simply don't know the answers. And after all is said and done, hours spent on each try, it just doesn't work right.

Walmart & Staples both have Linspire preinstalled on a desktop or two, and I'm considering getting one of them. But then I read that Linspire runs in root, that Linspire is a bad distro, etc. So I look at Mandrake, hearing it's easy to learn. I type "mandrake sucks" into google and up pop even more matches than it did for Linspire. Not to mention I can't find it preinstalled on a desktop anywhere.

Then almost jokingly I went to apple's website and wondered at the possibility of getting one of those new cheapie mini macs. But I don't know anything about them, nor do I know what/if/how to switch, or if it's even a security upgrade from what I have. $500 is a lot of money to me, and I'd like to be certain it's everything I hope before I bankrupt myself.

And in the end who knows if I even was hacked. All I know is that every day I go to bed I'll have this anxious feeling that something could go wrong, and one day it probably will. I suppose I could be as proactive as possible, backing up files every day, etc.. but still.

Am I just too paranoid, should I just get on with things and hope nothing is wrong?

Any suggestions as to what I should do to beef up my security? Switch to a linux distro - if so, what do you recommend for a newbie looking to learn FAST? I used to criticize Macs mostly out of ignorance, but from what I hear the security is quite tight. Is this a better option for somebody needing to make a quick switch?

Everything will be alright if you keep your head up.. Don't make any decisions right now, based on your emotions generated by the problem.. One thing that always proves true is that a brighter day is always coming.

Debian and Slackware are both known as distros which aren't real easy to install. Don't give up hope.

I haven't tried it yet, but I'd guess that Ubuntu would be a bit easier to install than Debian, though you'd get pretty much all the advantages of a Debian install plus a few more. I'll be trying it as soon as I feel I have some extra time.

There are a number of places where you can read about installing Ubuntu - here [workaround.org], and here [linuxbasics.org], I know I've read more newbie-friendly install instructions than these but can't find the url. There's also a slideshow of the install process here [shots.osdir.com], if the link doesn't work directly, click on the 'screenshot gallery' link. Note: you'll also find other step-by-step install instructions to do this.

If Ubuntu doesn't do you right, try getting a Knoppix live disk, see if it works live on your machine, and then follow the install script instructions you'll find on [knoppix.net...] .

I would recommend you stay with your present setup, and not overstress yourself with a whole new setup that will likely have just as many security problems. Concentrate on improving your security, your host will help since it concerns their reputation too.

It is most likely you have a loophole somewhere in your methods which you would only repeat in a new setup. You might try logging better/more (use traps to log unusual behaviour -keep these separate so you can view them often), change some key script or file names, secure access to files better (htaccess), and by all means change passwords (get a new password from your host over the phone), empty your computer cache after finishing (to remove trace of logins) and protect files on your computer (where did you leave that email with new password?). If you have perl forms scripts and such, read up on security for these, many people have poor security in their home written scripts or free scripts they installed. Make sure access to your mysql can only emanate from your website, that sort of thing.

Ubuntu is extremely simple to install, and if you decide to try it the only advice I can give is don't do the updates from the web during install, wait till it's done, because they have a tendency to mess up the install.

I understand how you feel, I think the only way I deal with something like that is to try to set traps for people. It takes away from working on the site, but it's fun and it lets you get your frustrations out.

It is possible that someone added some SQL into a form on your site. (The 'ole SQL injection attack) this would allow them to do certain things to your database. You might try adding a MAXSIZE value to your form fields and then parse the data to remove any harmful characters or SQL commands.

Don't sweat the small stuff though, putting a site on the internet is like building a sand castle on the beach, eventually some little brat kid is going to come along and try to mess with it. All you can do is try to track that little twirp and ban him from your section of the beach! ;o)

While it is quite possible that your personal computer has been compromised and used to find your server's password, it is far more likely IMHO that your server itself is in need of security updates. I'm not really sure whether you are running a dedicated server or not. If you are, consider hiring an admin to do updates for you. If you aren't, after ensuring your host is doing updates, consider hiring someone to do an audit of your website's code. Lots of web developers aren't very experienced programmers, and even an experienced programmer may often overlook glaring security holes.

You'd be amazed just how many sites are vulnerable to SQL injection or XSS attacks, among other things.
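Added example, not part of the original thread: the changes described in the first post (a MySQL user raised to full privileges, an extra access host appearing) can be caught automatically by comparing saved `SHOW GRANTS` output against an approved baseline, in the spirit of the "log unusual behaviour" advice above. The account name, database name and IP address below are constructed sample values, and the script assumes you can save the `SHOW GRANTS` output for each account as text.

```python
import re

# One line of MySQL SHOW GRANTS output, e.g.
#   GRANT INSERT, UPDATE ON `shop`.* TO 'webapp'@'localhost'
GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO '(?P<user>[^']*)'@'(?P<host>[^']*)'",
    re.IGNORECASE)

def parse_grants(lines):
    """Return {(user, host, scope): set of privileges}. Column-level grants are not handled."""
    grants = {}
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if m:
            key = (m["user"], m["host"], m["scope"].replace("`", ""))
            privs = {p.strip().upper() for p in m["privs"].split(",")}
            grants.setdefault(key, set()).update(privs)
    return grants

def audit(baseline_lines, current_lines):
    """Report access hosts and privileges that are absent from the approved baseline."""
    baseline, current = parse_grants(baseline_lines), parse_grants(current_lines)
    known_accounts = {(user, host) for (user, host, _scope) in baseline}
    findings = set()
    for (user, host, scope), privs in current.items():
        if (user, host) not in known_accounts:
            findings.add(f"unexpected access host: '{user}'@'{host}'")
        # USAGE means "no privileges", so it is never reported as drift.
        extra = privs - baseline.get((user, host, scope), set()) - {"USAGE"}
        if extra:
            findings.add(f"privileges beyond baseline for '{user}'@'{host}' "
                         f"on {scope}: {', '.join(sorted(extra))}")
    return sorted(findings)

# Constructed sample data: the approved state, then the state after tampering.
BASELINE_LINES = [
    "GRANT USAGE ON *.* TO 'webapp'@'localhost'",
    "GRANT CREATE, INSERT, UPDATE ON `shop`.* TO 'webapp'@'localhost'",
]
CURRENT_LINES = [
    "GRANT USAGE ON *.* TO 'webapp'@'localhost'",
    "GRANT ALL PRIVILEGES ON `shop`.* TO 'webapp'@'localhost'",
    "GRANT USAGE ON *.* TO 'webapp'@'203.0.113.7'",
    "GRANT ALL PRIVILEGES ON `shop`.* TO 'webapp'@'203.0.113.7'",
]

if __name__ == "__main__":
    for finding in audit(BASELINE_LINES, CURRENT_LINES):
        print(finding)
```

Run it on a schedule and keep the baseline file somewhere the web account cannot write, so a change to the grants cannot also rewrite what they are compared against.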